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DETAILED ACTION 

1. Claims 1-35 remains pending. 

2. In view of the Appeal Brief filed on 1 2/27/2007, PROSECUTION IS HEREBY REOPENED. A Non- 
Final rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 
(if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed by an appeal brief 
under 37 CFR 41 .37. The previously paid notice of appeal fee and appeal brief fee can be applied to the 
new appeal. If, however, the appeal fees set forth in 37 CFR 41 .20 have been increased since they were 
previously paid, then appellant must pay the difference between the increased fees and the amount 
previously paid. 

Claim Rejections - 35 USC § 101 

3. 5 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and 
useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claims 1-32 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non- 
statutory subject matter. 

The claimed invention recites an article of manufacture, a system, and a method. However, 
specification is directed otherwise because the specification is reciting that the claimed invention may be 
implemented by hardware, software, or any combination. Thus, claims 1-32 are directed to software 
program per se. Below are just some examples as directing to software program and carrier wave per se. 
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Applicant is suggested to go through the entire specification to verify with all statutory requirements. The 
following examples recite software program: 

a) user interface management may be implemented by hardware, software, or any combination (paragraph 
0019). 

b) Machine accessible media may contain computer readable program code (0021). 

c) Elements of the embodiment of the invention may be implemented by hardware, firmware, software, or 
any combination (0022). 

d) The program or code segments can be stored in a processor or machine accessible medium or 
transmitted by a computer data signal embodied in a carrier wave, or a signal modulated by a carrier, over 
a transmission medium (0022). 

e) All or part of an embodiment of the invention may be implemented by hardware, software, or firmware, 
or any combination thereof. An apparatus may include any combination of hardware, software, and 
firmware modules (0023). 

MPEP: 

When nonfunctional descriptive material is recorded on some computer-readable medium, in a computer or on an 
electromagnetic carrier signal, it is not statutory since no requisite functionality is present to satisfy the practical 
application requirement. Merely claiming nonfunctional descriptive material, i.e., abstract ideas, stored on a computer- 
readable medium, in a computer, or on an electromagnetic carrier signal, does not make it statutory . See Diehr, 450 
U.S. at 185-86, 209 USPQ at 8 (noting that the claims for an algorithm in Benson were unpatentable as abstract ideas 
because "[t]he sole practical application of the algorithm was in connection with the programming of a general purpose 
computer."). Such a result would exalt form over substance. In re Sarkar, 588 F.2d 1330, 1333,200 USPQ 132, 137 
(CCPA 1978) ("[E]ach invention must be evaluated as claimed; yet semantogenic considerations preclude a 
determination based solely on words appearing in the claims. In the final analysis under § 101, the claimed invention, 
as a whole, must be evaluated for what it is.") (quoted with approval in Abele, 684 F.2d at 907, 214 USPQ at 687). See 
also In re Johnson, 589 F.2d 1070, 1077, 200 USPQ 199, 206 (CCPA 1978) ("form of the claim is often an exercise in 
drafting"). Thus, nonstatutory music is not a computer component, and it does not become statutory by merely 
recording it on a compact disk. Protection for this type of work is provided under the copyright law. 

I. FUNCTIONAL DESCRIPTIVE MATERIAL: "DATA STRUCTURES " 
REPRESENTING DESCRIPTIVE MATERIAL PER SE OR COMPUTER 
PROGRAMS REPRESENTING COMPUTER LISTINGS PER SE 

Data structures not claimed as embodied in computer-readable media are descriptive material per se and are not 
statutory because they are not capable of causing functional change in the computer. See, e.g., Warmerdam, 33 F.3d 
at 1361, 31 USPQ2d at 1760 (claim to a data structure perse held nonstatutory). Such claimed data structures do not 
define any structural and functional interrelationships between the data structure and other claimed aspects of the 
invention which permit the data structure's functionality to be realized. In contrast, a claimed computer-readable 
medium encoded with a data structure defines structural and functional interrelationships between the data structure 
and the computer software and hardware components which permit the data structure's functionality to be realized, 
and is thus statutory. 

Similarly, computer programs claimed as computer listings perse, i.e., the descriptions or expressions of the 
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programs, are not physical "things." They are neither computer components nor statutory processes, as they are not 
"acts" being performed. Such claimed computer programs do not define any structural and functional interrelationships 
between the computer program and other claimed elements of a computer which permit the computer program's 
functionality to be realized. In contrast, a claimed computer-readable medium encoded with a computer program is a 
computer element which defines structural and functional interrelationships between the computer program and the 
rest of the computer which permit the computer program's functionality to be realized, and is thus statutory. See Lowry, 
32 F.3d at 1583-84, 32 USPQ2d at 1035. Accordingly, it is important to distinguish claims that define descriptive 
material per se from claims that define statutory inventions. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set 
forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-32 are rejected under 35 U.S.C. 103(a) as being unpatentable over Qu, et al. (US 
6,792,530), and in view of Lenstra, et al. (US 7,076,061). 
As per claim 1: 

Roy discloses the method for generating a shared key comprising: 

providing a first certificate from a first peer to a second peer, the first certificate including a plurality 
of first parameters, the first peer and second peer being communicated over a network; (col.2, lines 26- 
36) 

performing a first exponentiation operation to generate a first public key from the second peer using 
at least one parameter of the plurality of first parameters and a first private key from the second peer, 
wherein the first parameters being digital signature standard parameters; (col.2, lines 38-47 and col.3, 
lines 57-67) 

providing a second certificate and the first public key from the second peer to the first peer, the 
second certificate comprising a plurality of second parameters; (col.9, lines 20-67 and col. 17, lines 1-21) 
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performing a second exponentiation operation to generate a shared secret key for the second peer 
using at least one parameter from the plurality of first parameters; (col. 17, lines 25-45 and col.20, line 1) 

performing a third exponentiation operation to generate the shared secret key for the first peer using 
the first public key from the second peer and a private key from the first peer. (col. 17, lines 64-67 and 
col.20, line 2-8) 

Qu teaches an invention that seeks to provide an efficient ID-based implicit certificate scheme, 
which provides improved computational speeds over existing schemes (col. 2, lines 26-29). Qu teaches 
reconstructing user A's public key needs only 3 known basis exponentiation operations and 3 multiplication 
operations. When the signature is valid, CA2, CA3, and user A's public key are implicitly verified (col. 18, 
lines 22-28). Qu further discloses suggests the claimed invention where with the implicit certificate 
scheme, each party only does three exponentiation operations to get the shared key while at the same 
time performing authentication key agreement and implicit public key verification (col.20, line 1-8). Qu did 
not suggest the advantage of the three exponentiation operations. Thus, Lenstra is combined with Qu. 

Lenstra teaches the invention that provides improvements on in key generation and cryptographic 
applications in public key cryptography, by both reducing: 1) the bit-length of public keys and other 
messages, thereby reducing the bandwidth requirements of telecommunications devices, such as wireless 
telephone sets, and 2) the computational effort required to generate keys, to encrypt/decrypt and to 
generate/verify digital signatures (col. 2, lines 20-27). Lenstra discloses the use Algorithm 2.4.4 with n=z 
and B replaced by xtr(u.sub.l) to compute .kappa.=xtr((g.sub.1).sup.zr). 8. As in [8: Section 5.2], compute 
the decryption key K by hashing .kappa, to an l-bit string with the public 2-universal hash function from 
Step 7 of the encryption. 9. Output M=C.sub.K.sup.-1(e). The original CSC decryption needs one single 
exponentiation and one combined double exponentiation, whereas XTR-CSC decryption requires three 
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exponentiations in the subgroup (and a square-root computation in GF(p) for Step 1 ). It follows from 
Remarks 2.4.6 and 2.5.5 that the total computational effort for the latter exponentiations is less than one 
third of the total effort of the former, assuming the original CSC is implemented using traditional subgroups. 
If the full multiplicative group is used for the original CSC, then using XTR-CSC instead is even more 
advantageous (col. 33, lines 33-50). 

Therefore, it would have been obvious for a person of ordinary skills in the art to combine Qu and 
Lenstra to teach generating a shared key comprises three exponentiation operations because reducing the 
bandwidth and the computational effort required to generate keys (Lenstra - col. 2, lines 20-27 and col. 33, 
lines 33-50). 

As per claim 2: See Qu on col.3, lines 57-67; discussing the method according to claim 1 wherein the 
first certificate is a DSA type certificate. 

As per claim 3: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the method according 
to claim 2 wherein the first and second parameters comprise a prime number p.sub.dss, a prime number 
q.sub.dss a generator g.sub.dss and a public key for the first and second peers, respectively. 
As per claim 4: See Qu on col. 17, line 1-67 and col. 18, lines 22-28; discussing the method 
according to claim 3 wherein the first exponentiation operation to generate the first public key is 
Y.sub.R=g.sub.dss{circumfle- x over ( )}X.sub.R mod p.sub.dss where X.sub.R is a one-time private key 
from the second peer. 

As per claim 5: See Qu on col. 17, line 1-67 and col. 18, lines 22-28; discussing the method 
according to claim 4 wherein the second exponentiation operation to generate the shared secret key for the 
second peer is .sub.SSK=Y.sub.Adss{circumflex over ( )}X.sub.R mod p.sub.dss where Y.sub.Adss is a 
DSS public key from certificate of peer A. 
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As per claim 6: See Qu on col. 17, line 1-67 and col. 18, lines 22-28; discussing the method 
according to claim 5 wherein Y.sub.Adss=g.sub.dss{circumflex over ( )}X.sub.Adss mod p.sub.dss where 
X.sub.Adss is a DSS private key from certificate of peer A. 

As per claim 7: See Qu on col. 17, line 1-67 and col. 18, lines 22-28; discussing the method 
according to claim 5 wherein the third exponentiation operation to generate the shared secret key for the 
first peer is Y.sub.SSK=YR{circumflex over ( )}X.sub.Adss mod p.sub.dss where X.sub.Adss is a DSS 
private key from certificate of peer A. 

As per claim 8: See Lenstra on col.2, lines 23-26; discussing the method according to claim 1 
wherein the first and second certificates are sent to the second and first peers, respectively, over a 
wireless network. 
As per claim 9: 

Roy discloses the article of manufacture comprising: 

a machine accessible medium including data that, when accessed by a machine, causes the 
machine to perform operations comprising: 

providing a first certificate from a first peer to a second peer, the first certificate including a plurality 
of first parameters; (col.2, lines 26-36) 

performing a first exponentiation operation to generate a first public key from the second peer using 
the plurality of first parameters and the first private key from the second peer; (col.2, lines 38-47 and 
col.3, lines 57-67) 

providing a second certificate and the first public key from the second peer to the first peer, the 
second certificate comprising a plurality of second parameters; (col.9, lines 20-67 and col. 17, lines 1-21) 
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performing a second exponentiation operation to generate a shared secret key for the second peer 
using at least one parameter from the plurality of first parameters; (col. 17, lines 25-45 and col.20, line 1) 

performing a third exponentiation operation to generate the shared secret key for the first peer using 
the first public key from the second peer and a private key from the first peer. (col. 17, lines 64-67 and 
col.20, line 2) 

Qu teaches an invention that seeks to provide an efficient ID-based implicit certificate scheme, 
which provides improved computational speeds over existing schemes (col. 2, lines 26-29). Qu teaches 
reconstructing user A's public key needs only 3 known basis exponentiation operations and 3 multiplication 
operations. When the signature is valid, CA2, CA3, and user A's public key are implicitly verified (col. 18, 
lines 22-28). Qu further discloses suggests the claimed invention where with the implicit certificate 
scheme, each party only does three exponentiation operations to get the shared key while at the same 
time performing authentication key agreement and implicit public key verification (col.20, line 1-8). Qu did 
not suggest the advantage of the three exponentiation operations. Thus, Lenstra is combined with Qu. 

Lenstra teaches the invention that provides improvements on in key generation and cryptographic 
applications in public key cryptography, by both reducing: 1) the bit-length of public keys and other 
messages, thereby reducing the bandwidth requirements of telecommunications devices, such as wireless 
telephone sets, and 2) the computational effort required to generate keys, to encrypt/decrypt and to 
generate/verify digital signatures (col. 2, lines 20-27). Lenstra discloses the use Algorithm 2.4.4 with n=z 
and B replaced by xtr(u.sub.l) to compute .kappa.=xtr((g.sub.1).sup.zr). 8. As in [8: Section 5.2], compute 
the decryption key K by hashing .kappa, to an l-bit string with the public 2-universal hash function from 
Step 7 of the encryption. 9. Output M=C.sub.K.sup.-1(e). The original CSC decryption needs one single 
exponentiation and one combined double exponentiation, whereas XTR-CSC decryption requires three 
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exponentiations in the subgroup (and a square-root computation in GF(p) for Step 1 ). It follows from 
Remarks 2.4.6 and 2.5.5 that the total computational effort for the latter exponentiations is less than one 
third of the total effort of the former, assuming the original CSC is implemented using traditional subgroups. 
If the full multiplicative group is used for the original CSC, then using XTR-CSC instead is even more 
advantageous (col. 33, lines 33-50). 

Therefore, it would have been obvious for a person of ordinary skills in the art to combine Qu and 
Lenstra to teach generating a shared key comprises three exponentiation operations because reducing the 
bandwidth and the computational effort required to generate keys (Lenstra - col. 2, lines 20-27 and col. 33, 
lines 33-50).As per claim 10: See Qu on col.9, lines 32-35; discussing the article of manufacture 
according to claim 9 wherein the first certificate is a DSA type certificate. 
As per claim 11: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the article of 
manufacture according to claim 10 wherein the first and second parameters comprise a prime number 
p.sub.dss, a prime number q.sub.dss, a generator g. sub. dss and a public key for the first and second 
peers, respectively. 

As per claim 12: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the article of 
manufacture according to claim 1 1 wherein the first exponentiation operation to generate the first public 
key is Y.sub.R=g.sub.dss{circumflex over ( )}XR mod p.sub.dss where X.sub.R is a one-time private key 
from the second peer. 

As per claim 13: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the article of 
manufacture according to claim 12 wherein the second exponentiation operation to generate the shared 
secret key for the second peer is Y.sub.SSK=Y.sub.Adss{circumflex over ( )}X.sub.R mod p.sub.dss where 
Y.sub.Adss is a DSS public key from certificate of peer A. 
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As per claim 14: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the article of 
manufacture according to claim 13 wherein Y.sub.Adss=g.sub.dss{circumflex over ( )}X.sub.Adss mod 
p.sub.dss where X.sub.Adss is a DSS private key from certificate of peer A. 
As per claim 15: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the article of 
manufacture according to claim 13 wherein the third exponentiation operation to generate the shared 
secret key for the first peer is Y.sub.SSK=Y.sub.R{circumflex over ( )} X.subAdss mod p.sub.dss where 
X.sub.Adss is a DSS private key from certificate of peer A. 

As per claim 16: See Lenstra on col.2, lines 23-26; discussing the article of manufacture according to 
claim 9 wherein the first and second certificates are sent to the second and first peers, respectively, over a 
wireless network. 
As per claim 17: 

Roy discloses a system comprising: 

a processor; and a memory coupled to the processor, the memory containing program code that, 
when executed by the processor, causes the processor to: 

provide a first certificate from a first peer to a second peer, the first certificate including a plurality of 
first parameters; (col.2, lines 26-36) 

perform a first exponentiation operation to generate a first public key from the second peer using the 
plurality of first parameters and the first private key from the second peer; (col.2, lines 38-47 and col.3, 
lines 57-67) 

provide a second certificate and the first public key from the second peer to the first peer; the 
second certificate comprising a plurality of second parameters; (col.9, lines 20-67 and col. 17, lines 1-21) 
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perform a second exponentiation operation to generate a shared secret key for the second peer 
using at least one parameter from the plurality of first parameters; (col. 17, lines 25-45 and col.20, line 1) 

performing a third exponentiation operation to generate the shared secret key for the first peer using 
the first public key from the second peer and a private key from the first peer. (col. 17, lines 64-67 and 
col.20, line 2) 

Qu teaches an invention that seeks to provide an efficient ID-based implicit certificate scheme, 
which provides improved computational speeds over existing schemes (col. 2, lines 26-29). Qu teaches 
reconstructing user A's public key needs only 3 known basis exponentiation operations and 3 multiplication 
operations. When the signature is valid, CA2, CA3, and user A's public key are implicitly verified (col. 18, 
lines 22-28). Qu further discloses suggests the claimed invention where with the implicit certificate 
scheme, each party only does three exponentiation operations to get the shared key while at the same 
time performing authentication key agreement and implicit public key verification (col.20, line 1-8). Qu did 
not suggest the advantage of the three exponentiation operations. Thus, Lenstra is combined with Qu. 

Lenstra teaches the invention that provides improvements on in key generation and cryptographic 
applications in public key cryptography, by both reducing: 1) the bit-length of public keys and other 
messages, thereby reducing the bandwidth requirements of telecommunications devices, such as wireless 
telephone sets, and 2) the computational effort required to generate keys, to encrypt/decrypt and to 
generate/verify digital signatures (col. 2, lines 20-27). Lenstra discloses the use Algorithm 2.4.4 with n=z 
and B replaced by xtr(u.sub.l) to compute .kappa.=xtr((g.sub.1).sup.zr). 8. As in [8: Section 5.2], compute 
the decryption key K by hashing .kappa, to an l-bit string with the public 2-universal hash function from 
Step 7 of the encryption. 9. Output M=C.sub.K.sup.-1(e). The original CSC decryption needs one single 
exponentiation and one combined double exponentiation, whereas XTR-CSC decryption requires three 
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exponentiations in the subgroup (and a square-root computation in GF(p) for Step 1 ). It follows from 
Remarks 2.4.6 and 2.5.5 that the total computational effort for the latter exponentiations is less than one 
third of the total effort of the former, assuming the original CSC is implemented using traditional subgroups. 
If the full multiplicative group is used for the original CSC, then using XTR-CSC instead is even more 
advantageous (col. 33, lines 33-50). 

Therefore, it would have been obvious for a person of ordinary skills in the art to combine Qu and 
Lenstra to teach generating a shared key comprises three exponentiation operations because reducing the 
bandwidth and the computational effort required to generate keys (Lenstra - col. 2, lines 20-27 and col. 33, 
lines 33-50). 

As per claim 18: See col.3, lines 57-67; discussing the system according to claim 17 wherein the first 
certificate is a DSA type certificate. 

As per claim 19: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the system according 
to claim 18 wherein the first and second parameters comprise a prime number p.sub.dss, a prime number 
q.sub.dss, a generator g.sub.dss and a public key for the first and second peers, respectively. 
As per claim 20: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the system according 
to claim 19 wherein the first exponentiation operation to generate the first public key is 
Y.sub.R=g.sub.dss{circumfle- x over ( )}X.sub.R mod p.sub.dss where X.sub.R is a one-time private key 
from the second peer. 

As per claim 21: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the system according 
to claim 20 wherein the second exponentiation operation to generate the shared secret key for the second 
peer is Y.sub.SSK=Y.sub.dss{circumflex over ( )}X.sub.R mod p.sub.dss where Y.sub.Adss is a DSS 
public key from certificate of peer A. 
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As per claim 22: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the system according 
to claim 21 wherein Y.sub.Adss=g.sub.dss{circumfl- ex over ( )}X.sub.Adss where X.sub.Adss is a DSS 
private key from certificate of peer A. 

As per claim 23: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the system according 
to claim 21 wherein the third exponentiation operation to generate the shared secret key for the first peer is 
Y.sub.SSK=YR{circumflex over ( )}X.sub.Adss mod p.sub.dss where X.sub.Adss is a DSS private key from 
certificate of peer A. 

As per claim 24: See Lenstra on col.2, lines 23-26; discussing the system according to claim 17 
wherein the first and second certificates are sent to the second and first peers, respectively, over a 
wireless network. 
As per claim 25: 

Roy discloses a method comprising: 

receiving a first certificate including a plurality first parameters; (col.2, lines 26-36) 
performing a first exponentiation operation to generate a first public key using at least one 

parameter of the plurality of first parameters and a first private key; (col.2, lines 38-47 and col.3, lines 57- 

67) 

receiving a second certificate and the first public key, the second certificate including a plurality of 
second parameters; (col.9, lines 20-67 and col. 17, lines 1-21) 

performing a second exponentiation operation to generate a first shared secret key using at least 
one parameter from the plurality of first parameters; (col. 17, lines 25-45 and col.20, line 1) 

performing a third exponentiation operation to generate a second shared secret key using the first 
public key and a private key. (col. 17, lines 64-67 and col.20, line 2) 
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Qu teaches an invention that seeks to provide an efficient ID-based implicit certificate scheme, 
which provides improved computational speeds over existing schemes (col. 2, lines 26-29). Qu teaches 
reconstructing user A's public key needs only 3 known basis exponentiation operations and 3 multiplication 
operations. When the signature is valid, CA2, CA3, and user A's public key are implicitly verified (col. 18, 
lines 22-28). Qu further discloses suggests the claimed invention where with the implicit certificate 
scheme, each party only does three exponentiation operations to get the shared key while at the same 
time performing authentication key agreement and implicit public key verification (col. 20, line 1-8). Qu did 
not suggest the advantage of the three exponentiation operations. Thus, Lenstra is combined with Qu. 

Lenstra teaches the invention that provides improvements on in key generation and cryptographic 
applications in public key cryptography, by both reducing: 1) the bit-length of public keys and other 
messages, thereby reducing the bandwidth requirements of telecommunications devices, such as wireless 
telephone sets, and 2) the computational effort required to generate keys, to encrypt/decrypt and to 
generate/verify digital signatures (col. 2, lines 20-27). Lenstra discloses the use Algorithm 2.4.4 with n=z 
and B replaced by xtr(u.sub.l) to compute .kappa.=xtr((g.sub.1).sup.zr). 8. As in [8: Section 5.2], compute 
the decryption key K by hashing .kappa, to an l-bit string with the public 2-universal hash function from 
Step 7 of the encryption. 9. Output M=C.sub.K.sup.-1(e). The original CSC decryption needs one single 
exponentiation and one combined double exponentiation, whereas XTR-CSC decryption requires three 
exponentiations in the subgroup (and a square-root computation in GF(p) for Step 1 ). It follows from 
Remarks 2.4.6 and 2.5.5 that the total computational effort for the latter exponentiations is less than one 
third of the total effort of the former, assuming the original CSC is implemented using traditional subgroups. 
If the full multiplicative group is used for the original CSC, then using XTR-CSC instead is even more 
advantageous (col. 33, lines 33-50). 



Application/ Control Number: 10/605,173 Page 15 

Art Unit: 2135 

Therefore, it would have been obvious for a person of ordinary skills in the art to combine Qu and 
Lenstra to teach generating a shared key comprises three exponentiation operations because reducing the 
bandwidth and the computational effort required to generate keys (Lenstra - col. 2, lines 20-27 and col. 33, 
lines 33-50). 

As per claim 26: See col.3, lines 57-67; discussing the method according to claim 25 wherein the first 
certificate is a DSA type certificate. 

As per claim 27: See Qu on col. 20, line 1-8 and col. 18, lines 22-28; discussing the method according 
to claim 26 wherein the first and second parameters each comprises a prime number p.sub.dss, a prime 
number q.sub.dss, a generator g.sub.dss and a public key. 

As per claim 28: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the method according 
to claim 27 wherein the first exponentiation operation to generate the first public key is 
Y.sub.R=g.sub.dss{circumfle- x over ( )}X.sub.R mod P.sub.dss where X.sub.R is a one-time private key. 
As per claim 29: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the method according 
to claim 28 wherein the second exponentiation operation to generate the first shared secret key for the 
second peer is .sub.SSK=Y.sub.Adss {circumflex over ( )}X.sub.R mod p.sub.dss where Y.sub.Adss is a 
DSS public key. 

As per claim 30: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the method according 
to claim 29 wherein Y.sub.Adss=g.sub.dss{circumfl- ex over ( )}X.sub.Adss mod p.sub.dss where 
X.sub.Adss is a DSS private key. 

As per claim 31: See Qu on col.20, line 1-8 and col. 18, lines 22-28; discussing the method according 
to claim 29 wherein the third exponentiation operation to generate a second shared secret key is 
Y.sub.SSK=Y.sub.R{circumflex over ( )}X.sub.Adss mod p.sub.dss where X.sub.Adss is a DSS private key. 
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As per claim 32: See Lenstra on col.2, lines 23-26; discussing the method according to claim 25 
wherein the first and second certificates are sent to the second and first peers, respectively, over a 
wireless network. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all obviousness rejections 
set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 33-35 are rejected under 35 U.S.C. 103(a) as being unpatentable over Qu, et al. (US 
6,792,530) and Lenstra, et al. (US 7,076,061), and further in view of Yeager, et al. (US 7,222,187). 
As per claim 33: Qu and Lenstra combination teaches generating a shared key comprises three 
exponentiation operations for reducing the bandwidth and the computational effort required to generate 
keys (Lenstra - col.2, lines 20-27 and col.33, lines 33-50). However, did not include Bluetooth technology 
or Bluetooth network. 

Yeager discloses Embodiments of a decentralized, distributed trust mechanism are described that 
may be used in various networking platforms, including, but not limited to, peer-to-peer and other 
decentralized networking platforms. The mechanism may be used, among other things, to implement trust 
relationships between and among peers and to implement trust relationships between peers and content 
and data (col.2, lines 44-50). Roy discusses the peer-to-peer platform may be independent of specific 
security approaches where the peer-to-peer platform may provide a comprehensive set of security 
primitives to support the security solutions used by various peer-to-peer platform services and applications. 
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Embodiments of the peer-to-peer platform may provide one or more security primitives including, but not 
limited to: A simple crypto library supporting hash functions (e.g. MD5), symmetric encryption algorithms 
(e.g. RC4), and asymmetric crypto algorithms (e.g., Diffie-Hellman and RSA) (col. 58, line 61 - col. 57, line 
4). Roy further discloses that in order to interact with other peers the peer needs to be connected to some 
kind of network (wired or wireless) such as, IP, Bluetooth, or Havi, among others (col. 27, lines 31-35) and 
that peer-to-peer platform may be independent of transport protocols (col. 33, lines 21-25). For example, 
the peer-to-peer platform may be implemented on top of TCP/IP, HTTP, Bluetooth, HomePNA and other 
protocols. 

Therefore, it would have been obvious for a person of ordinary skills in the art to combine the 
teaching of the Qu and Lenstra combination with Yeager to teach a Bluetooth network because in order to 
interact with other peers the peer needs to be connected to some kind of network (wired or wireless) such 
as Bluetooth (Yeager -col .27, lines 31-35) and peer-to-peer platform may be independent of transport 
protocols that may be implemented on top Bluetooth (Yeager -col. 33, lines 21-25). 
As per claim 34: Qu and Lenstra combination teaches generating a shared key comprises three 
exponentiation operations for reducing the bandwidth and the computational effort required to generate 
keys (Lenstra - col. 2, lines 20-27 and col.33, lines 33-50). However, did not include Bluetooth technology 
or Bluetooth network. 

Yeager discloses Embodiments of a decentralized, distributed trust mechanism are described that 
may be used in various networking platforms, including, but not limited to, peer-to-peer and other 
decentralized networking platforms. The mechanism may be used, among other things, to implement trust 
relationships between and among peers and to implement trust relationships between peers and content 
and data (col. 2, lines 44-50). Roy discusses the peer-to-peer platform may be independent of specific 
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security approaches where the peer-to-peer platform may provide a comprehensive set of security 
primitives to support the security solutions used by various peer-to-peer platform services and applications. 
Embodiments of the peer-to-peer platform may provide one or more security primitives including, but not 
limited to: A simple crypto library supporting hash functions (e.g. MD5), symmetric encryption algorithms 
(e.g. RC4), and asymmetric crypto algorithms (e.g., Diffie-Hellman and RSA) (col. 58, line 61 - col. 57, line 
4). Roy further discloses that in order to interact with other peers the peer needs to be connected to some 
kind of network (wired or wireless) such as, IP, Bluetooth, or Havi, among others (col. 27, lines 31-35) and 
that peer-to-peer platform may be independent of transport protocols (col. 33, lines 21-25). For example, 
the peer-to-peer platform may be implemented on top of TCP/IP, HTTP, Bluetooth, HomePNA and other 
protocols. 

Therefore, it would have been obvious for a person of ordinary skills in the art to combine the 
teaching of Roy with Yeager to teach a Bluetooth network because in order to interact with other peers the 
peer needs to be connected to some kind of network (wired or wireless) such as Bluetooth (col .27, lines 
31-35) and peer-to-peer platform may be independent of transport protocols that may be implemented on 
top Bluetooth (col.33, lines 21-25). 

As per claim 35: Qu and Lenstra combination teaches generating a shared key comprises three 
exponentiation operations for reducing the bandwidth and the computational effort required to generate 
keys (Lenstra - col. 2, lines 20-27 and col.33, lines 33-50). However, did not include Bluetooth technology 
or Bluetooth network. 

Yeager discloses Embodiments of a decentralized, distributed trust mechanism are described that 
may be used in various networking platforms, including, but not limited to, peer-to-peer and other 
decentralized networking platforms. The mechanism may be used, among other things, to implement 
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trust relationships between and among peers and to implement trust relationships between peers and 
content and data (col. 2, lines 44-50). Roy discusses the peer-to-peer platform may be independent of 
specific security approaches where the peer-to-peer platform may provide a comprehensive set of security 
primitives to support the security solutions used by various peer-to-peer platform services and 
applications. Embodiments of the peer-to-peer platform may provide one or more security primitives 
including, but not limited to: A simple crypto library supporting hash functions (e.g. MD5), symmetric 
encryption algorithms (e.g. RC4), and asymmetric crypto algorithms (e.g., Diffie-Hellman and RSA) 
(col. 58, line 61 - col. 57, line 4). Roy further discloses that in order to interact with other peers the peer 
needs to be connected to some kind of network (wired or wireless) such as, IP, Bluetooth, or Havi, among 
others (col. 27, lines 31-35) and that peer-to-peer platform may be independent of transport protocols 
(col. 33, lines 21-25). For example, the peer-to-peer platform may be implemented on top of TCP/IP, 
HTTP, Bluetooth, HomePNA and other protocols. 

Therefore, it would have been obvious for a person of ordinary skills in the art to combine the 
teaching of Roy with Yeager to teach a Bluetooth network because in order to interact with other peers the 
peer needs to be connected to some kind of network (wired or wireless) such as Bluetooth (col. 27, lines 
31-35) and peer-to-peer platform may be independent of transport protocols that may be implemented on 
top Bluetooth (col.33, lines 21-25). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner should be directed 
to Leynna T. Truvan whose telephone number is (571) 272-3851. The examiner can normally be reached on 
Monday - Thursday (7:00 - 5:00PM). 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kim Vu can be 
reached on (571) 272-3859. The fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information 
Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or 
Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the 
Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like 
assistance from a USPTO Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/L T. 1.1 

Examiner, Art Unit 2135 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



